Uploaded image for project: 'Kylin'
  1. Kylin
  2. KYLIN-3197

When ldap is opened, I use an ignored case user to login, the page does not respond.

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: v2.3.0
    • Fix Version/s: Future
    • Component/s: Security
    • Labels:
    • Flags:
      Patch

      Description

      When ldap is opened, I config the kylin.properties, and give wkhGroup the admin permission.

      ## Admin roles in LDAP, for ldap and saml
      kylin.security.acl.admin-role=wkhGroup
      

      then I create a new user named 'wkh' whose group is 'wkhGroup', then I use 'wkh' to login in, which is normal.
      But when I use 'WKH' to login in, the page does not respond.
      I analyze the backgroud code, and find the function of 'org.apache.kylin.rest.security.LDAPAuthoritiesPopulator.getGroupMembershipRoles(String, String)' has problem.
      When userDn is "uid=wkh,ou=People,ou=defaultCluster,dc=zdh,dc=com" and username is "WKH", then authorities will be empty Set by the follow code:

      Set<GrantedAuthority> authorities = super.getGroupMembershipRoles(userDn, username);
      

      So I have added 'getAdditionalRoles' function to get the authorities again.
      I have test the patch, please review, thanks!

        Attachments

        1. image-2018-02-12-12-25-15-793.png
          42 kB
          Jiatao Tao
        2. image-2018-02-12-12-15-39-132.png
          79 kB
          Jiatao Tao
        3. image-2018-02-12-12-15-28-826.png
          79 kB
          Jiatao Tao
        4. image-2018-02-12-12-15-00-574.png
          125 kB
          Jiatao Tao
        5. image-2018-02-08-15-35-03-902.png
          29 kB
          Jiatao Tao
        6. image-2018-02-08-15-33-54-480.png
          29 kB
          Jiatao Tao
        7. image-2018-02-08-15-33-07-277.png
          29 kB
          Jiatao Tao
        8. image-2018-02-08-15-32-25-030.png
          123 kB
          Jiatao Tao
        9. image-2018-02-06-14-09-32-591.png
          206 kB
          Jiatao Tao
        10. 0001-KYLIN-3197-When-ldap-is-opened-I-use-an-ignored-case.patch
          2 kB
          Peng Xing
        11. image-2018-01-25-17-22-39-970.png
          8 kB
          Peng Xing

          Activity

            People

            • Assignee:
              xingpeng1 Peng Xing
              Reporter:
              xingpeng1 Peng Xing
            • Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

              • Created:
                Updated: